SOC 2 Services

SOC 2 for Microsoft Azure

NDNB is one of the world’s leading providers of fixed-fee SOC 2 Type 1 and SOC 2 Type 2 audit reports for businesses using the Microsoft Azure cloud computing platform. Similar to Amazon AWS, Microsoft Azure offers a wide-range of on-demand, cloud-based services and solution for increasing productivity, cost-savings, and much more.

Also similar to Amazon AWS, customers using the Microsoft Azure platform are offering numerous services to other businesses, thereby brining in notable regulatory compliance reporting mandates.

NDNB. North America’s Microsoft Azure SOC 2 Compliance Experts.

Our expertise with Microsoft Azure begins with auditors certified through the Azure list of proprietary certifications. Furthermore, from a volume perspective, NDNB has assessed a large number of cloud-based services providers that rely exclusively on the Azure platform. Bottom line, we’re experts in terms of understanding the complex, ever-changing Microsoft Azure environment, which means cost-savings and auditing efficiencies to our customers. Speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about NDNB’s SOC 2 Microsoft Azure expertise.

Critical SOC 2 Items to Know Regarding Microsoft Azure

SOC 2 auditing with the Microsoft Azure platform – and really, for any type of audit – brings to mind the importance of understanding the Shared Responsibility Model, something that Microsoft discusses in detail through an assortment of white papers and other supporting documentation. With three traditional cloud models in place – IaaS, PaaS, and SaaS – Microsoft highlights the importance of both customer responsibilities and the responsibilities of Microsoft Azure themselves.

Thus, for purposes of SOC 2 auditing – and really, any other regulatory compliance mandate – it’s important to note the following for Microsoft Azure:

There are clear lines of responsibility, but often, there are also shared roles when it comes to responsibility regarding security in the cloud.

Auditors need to identify and confirm responsibilities, as this helps determine tests of controls for SOC 2. NDNB has extensive experience in performing this very task for customers using Azure.

Supporting physical infrastructure is primarily Azure’s responsibility, while host infrastructure (such as configuring and deploying virtual hosts) is the responsibility of the Azure customer.

Different models of cloud offerings result in different responsibilities and high-quality, experienced auditors – such as NDNB – can quickly identify and determine audit scope, effectively saving you both time and money.

5 Critical Next Steps for SOC 2 Success in Microsoft Azure

Assess Scope and Ownership of Controls within Azure: Again, as we spoke earlier about Microsoft Azure’s shared responsibility model (much like Amazon AWS’), businesses operating in the cloud need to determine ownership of controls, testing procedures to perform, and more.

The more clarity you have on who “owns” the control, the less time have you have to worry about scope creep and other nagging audit items. Time is money, so turn to NDNB and we’ll help you properly scope your SOC 2 audit.

Determine the Applicable Trust Services Criteria (TSC): There are five (5) Trust Services Criteria (TSC) to consider in terms of SOC 2 reporting. Which of the TSC are going to be included in scope and why? Do you have client commitments for certain TSC’s? What is the basis for choosing the relevant TSC’s? Important questions you need to get answers to, and NDNB can help with.

Determine Azure Tools and Solutions to Use: Microsoft Azure has a large number of security and compliance tools and solutions for helping protect your environment; tools that also can be deployed for helping meet growing regulatory compliance requirements.

Here’s a list of common tools that you need to know about and need to be using for security and compliance:

Operations Management Suite Security and Audit Dashboard

Azure Advisor

Azure Security Center

Azure Monitor

Log Analytics

Application Insights

NDNB has expertise in all the above tools for Microsoft Azure. Just another reason to consider us as your SOC 2 auditors.

Perform Essential Remediation: Remediation is often one of the most time-consuming and challenging aspects of becoming SOC 2 compliant, but it’s got to be done. Perhaps you have missing documentation, your security controls are without essential monitoring tools. Whatever the case is, NDNB can assist as we have expertise in all forms of remediation, from documentation creation to enhancing security controls. Remember, we’re certified Microsoft cloud experts, which means we know Azure inside and out.

Engage in Continuous Monitoring: Auditing can be a tiring and arduous process, something made worse long after your SOC 2 audit is completed. How so? Because as a business, you’ll need to continue to assess and enhance your internal controls – a concept known as continuous monitoring. It “can” be time-consuming and expensive, but thanks to NDNB, it doesn’t have to be as we offer proven solutions for continuous monitoring.

Microsoft Azure SOC 2 Compliance Experts – Fixed-Fee Pricing

More and more businesses are moving to the cloud – many of them to Microsoft Azure – and they’re now being asked by their customers to become SOC 2 compliant annually. Saving time on regulatory compliance – especially for businesses that use the Azure platform – begins by speaking with the Microsoft Azure certified auditing experts today. Speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about NDNB’s SOC 2 Microsoft Azure expertise.